PostgreSQL 2009-09-09 Security Update

Posted on 2009-09-08

The PostgreSQL Project today released minor versions updating all active branches of the PostgreSQL object-relational database system, including versions 8.4.1, 8.3.8, 8.2.14, 8.1.18, 8.0.22, and 7.4.26. This release fixes one moderate-risk and two low-risk security issues: an authentication issue, a denial of service issue, and a privilege-escalation exploit. All users should upgrade their database installations as soon as reasonably possible.

This update release also fixes the "could not reattach shared memory" issue which has plagued many Windows PostgreSQL users, and updates time zone files for several countries. There are 23 other minor fixes, many of them affecting only version 8.4. See the release notes for full details.

As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users skipping more than one update may need to check the release notes for extra, post-update steps.